The Australian Federal Police has declined to confirm claims by defunct web hosting company DistributeIT that the suspect it arrested this week in connection with telco hacking charges was also suspected of being the same hacker which destroyed DistributeIT’s web hosting infrastructure in mid-June.
This morning, the AFP revealed it had arrested a 25-year-old Cowra man on 49 hacking charges, after a six month investigation into his online activities, including an attack on the systems of Platform Networks, a wholesale internet service provider based in Sydney. The AFP noted that hundreds of other Australian and international services might have been compromised, and that further charges would be likely to follow.
Following the statement, DistributeIT issued a separate notice claiming that the Cowra man was the same hacker, who styles himself ‘Evil’ online, who had attacked its systems last month. The attack rendered the data of thousands of the company’s customers unrecoverable and resulted in the fire sale of its business to fellow hosting company Netregistry.
However, responding to questions on the matter this afternoon, the AFP would not confirm the alleged link. “The man arrested on hacking offences has only been charged with offences that relate to Platform Networks,” an AFP spokesperson said. “The AFP cannot speculate on charges that have not yet been laid.”
This morning, the AFP noted that it had been investigating the Cowra man over a six month period, culminating in this week’s arrest. In its separate statement this afternoon, the AFP spokesperson noted that the police investigation commenced with a break-in which affected the website of Sydney University in January 2011.
If the Cowra man is the same ‘Evil’ hacker who destroyed DistributeIT’s systems, this timeframe implies the AFP had already been investigating the suspect for a period of six months leading up to the DistributeIT hacks, which saw thousands of Australian businesses lose their data and the web hosting company forced into a fire sale.
The AFP was today asked to comment on whether it believed the timeliness of its arrest was appropriate, given it occurred after the DistributeIT attack.
“This operation commenced with the compromise of the Sydney University website in January, 2011,” the spokesperson responded. “In the investigation’s early stages, this compromise was the AFP’s central focus.”
“While progressing the investigation, the AFP became aware of a number of other compromises, including the Distribute IT intrusion, after they had taken place. As the AFP continues to investigate these compromises it would not be appropriate to make further comment at this time.”
The news comes as the AFP’s high-tech crime operation has suffered other delays in investigating potential cyber-crimes in Australia over the past several years. In August 2009, the loose-knit coalition of online vandals known as ‘Anonymous’ publicly warned the Federal Government that it was planning a coordinated denial of service attack on government infrastructure.
Despite the advance notice, one month later, the attack went ahead, successfully knocking offline the websites of the Prime Minister and the Australian Communications and Media Authority. In addition, the email accounts and fax machines of government workers were also targeted.
Also, in August 2009, the AFP raided a suspected Internet fraudster based in Melbourne, in a high-profile event which was broadcast nationally on the ABC’s Four Corners program. At the time, the AFP had infiltrated a forum and were monitoring an individual with the code name “Prelude Si”. However, in November 2009, the AFP confirmed it had not arrested the individual whose premises it raided, and didn’t intend to take any further action against him.
In December 2010, the AFP arrested a 33-year-old man from Hampton Park in Victoria, claiming he hacked into more than 90 internet accounts. However, it remains unclear whether any charges were successfully laid after the arrest.